diff --git a/modules/services/grafana/module.nix b/modules/services/grafana/module.nix new file mode 100644 index 0000000..40e3227 --- /dev/null +++ b/modules/services/grafana/module.nix @@ -0,0 +1,61 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib.modules) mkIf; + inherit (lib.options) mkEnableOption; + + cfg = config.modules.system.services.grafana; + domain = "info.copeberg.org"; + port = 4021; +in { + options.modules.system.services.grafana.enable = mkEnableOption "Grafana, a graphing service"; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port]; + + modules.system.services.database.postgresql.enable = true; + + services.grafana = { + enable = true; + package = pkgs.grafana; + + settings = { + server = { + http_addr = "127.0.0.1"; + http_port = port; + + root_url = "https://${domain}"; + domain = domain; + enforce_domain = true; + }; + database = { + type = "postgres"; + host = "/run/postgresql"; + name = "grafana"; + user = "grafana"; + ssl_mode = "disable"; + }; + + analytics = { + reporting_enabled = false; + check_for_updates = false; + }; + + # users.allow_signup = false; + }; + }; + services.nginx = { + enable = true; + virtualHosts.${domain} = { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + }; + }; + }; + }; +} diff --git a/modules/services/postgresql/module.nix b/modules/services/postgresql/module.nix index 84e95b5..c055d0a 100644 --- a/modules/services/postgresql/module.nix +++ b/modules/services/postgresql/module.nix @@ -27,6 +27,7 @@ in { ensureDatabases = [ "git" + "grafana" ]; ensureUsers = [ @@ -44,6 +45,10 @@ in { name = "git"; ensureDBOwnership = true; } + { + name = "grafana"; + ensureDBOwnership = true; + } ]; settings = { # taken from https://pgconfigurator.cybertec.at/